Bug 63312

Summary: Unable to set status code on response after the status code was set to >= 400
Product: Tomcat 8
Reporter: petrowski.patryk
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED
Severity: regression
CC: gsenia, mirko
Priority: P1
Version: 8.5.39
Target Milestone: ----
Hardware: PC
OS: All

Description petrowski.patryk 2019-04-03 11:21:25 UTC
The bug https://bz.apache.org/bugzilla/show_bug.cgi?id=62471 has been reintroduced in Tomcat 8.5.39. After setting a response status to >= 400 it's impossible to set status code again. It appears that the fix for 9.x from commit 2b239e1ea0f3f8b5cdf01062a106ade9465756ec was not applied to 8.5.x and the regression was released in 8.5.39.
Comment 1 Greg Senia 2019-04-03 18:47:10 UTC
I assume I am hitting the same problem with Tomcat 8.5.39. This doesn't happen in 8.5.38 or 9.0.16/17, but it does happen in 8.5.39.

8.5.38/9.0.16/17 - Working:
Host: ms.senia.org:8080
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Origin: http://ms.senia.org:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Referer: http://ms.senia.org:8080/login
Content-Length: 35
Cookie: _ga=GA1.2.1325695642.1548688812; __cfduid=da3e73689d4a06bf901836c2dadce38751531340071

username=gsadmin&password=sdfsdfsdf

HTTP/1.1 302 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: SAMEORIGIN
Location: /login?error=true
Content-Length: 0
Date: Wed, 03 Apr 2019 18:17:12 GMT

GET /login?error=true HTTP/1.1
Host: ms.senia.org:8080
Origin: http://ms.senia.org:8080
Cookie: _ga=GA1.2.1325695642.1548688812; __cfduid=da3e73689d4a06bf901836c2dadce38751531340071
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
Referer: http://ms.senia.org:8080/login
Accept-Encoding: gzip, deflate
Accept-Language: en-us

8.5.39 - Failed on redirect: just a 401, or on Safari a login.dms download.

POST /login HTTP/1.1
Host: ms.senia.org:8080
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Origin: http://ms.senia.org:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Referer: http://ms.senia.org:8080/login
Content-Length: 35
Cookie: _ga=GA1.2.1325695642.1548688812; __cfduid=da3e73689d4a06bf901836c2dadce38751531340071

username=gsadamin&password=sdfsdfsf

HTTP/1.1 401 
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: SAMEORIGIN
Location: /login?error=true
Content-Length: 0
Date: Wed, 03 Apr 2019 18:13:25 GMT
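The symptom in the captures above is a response that still carries the redirect's Location header but reports the earlier 401 instead of 302. The following check, an added example that is not part of the bug report or of Tomcat, parses a raw response head and flags that combination; the two sample responses are abbreviated from the exchange in comment 1. A Location header on a 4xx is not forbidden by HTTP, so treat a hit as a prompt to verify the Tomcat version, not as proof.

```python
"""Flag HTTP responses that pair redirect headers with an error status."""
from typing import Dict, Tuple


def parse_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Return (status code, lower-cased header map) from a raw HTTP/1.1 response head."""
    head = raw.replace("\r\n", "\n").strip("\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    # Tomcat emits "HTTP/1.1 302 " with an empty reason phrase, so only take two fields.
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response status line: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def redirect_with_error_status(raw: str) -> bool:
    """True when a Location header is present but the status is 4xx/5xx.

    That is the shape of the 8.5.39 regression: sendRedirect() set Location,
    but the status set earlier (>= 400) could no longer be replaced by 302.
    """
    code, headers = parse_response(raw)
    return code >= 400 and "location" in headers


# Sample responses abbreviated from comment 1 (constructed for this example).
WORKING_8_5_38 = "HTTP/1.1 302 \r\nLocation: /login?error=true\r\nContent-Length: 0\r\n\r\n"
REGRESSED_8_5_39 = "HTTP/1.1 401 \r\nLocation: /login?error=true\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("8.5.38", WORKING_8_5_38), ("8.5.39", REGRESSED_8_5_39)):
        print(label, "suspicious" if redirect_with_error_status(raw) else "ok")
```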
Comment 2 petrowski.patryk 2019-04-04 08:04:30 UTC
(In reply to Greg Senia from comment #1)

Hey Greg,

As 8.5.39 is the only 8.5.x version that was released with the regression I'd say the probability that you're affected is very high.

Cheers,
Patryk
Comment 3 Mark Thomas 2019-04-07 21:48:35 UTC
Fixed in:
- 8.5.x for 8.5.40 onwards

Thanks for the report and for tracking down the missing back-port.
Comment 4 Mirko Raner 2019-10-24 16:55:19 UTC
Thanks for fixing! I probably spent half a day figuring out that this was why error redirects didn't work.
Other than upgrading, is there any known work-around for this problem?
Comment 5 Mark Thomas 2019-10-24 20:56:31 UTC
Sorry, upgrading is the only way to fix this.